The malware powering the botnet is a variant of Palevo, a computer worm that spreads by exploiting Windows vulnerabilities, copying itself to removable storage devices and network shares, as well as sending itself over instant messaging and p2p file sharing networks.

Palevo, also known as Pilleuz or Rimecud, was also responsible for the Mariposa (Butterfly) botnet taken down by Spanish authorities in March 2010. At the time, officials considered the botnet the largest in the world.

In July the same year, the Slovenian Criminal Police arrested an individual suspected of being the lead developer behind Palevo, however, the worm made a comeback late last year.

Security researchers from Trend Micro said in May Palevo’s activity is as strong as it was before Mariposa went down. This was likely the result of the new botnet that Unveillance was tracking.

The law enforcement action in Europe last week ended with arrest of a man from Banja Luka, Bosnia and one from Slovenia. Police said the two operated the botnet in an effort to steal money from the bank accounts of people worldwide.